[BUGFIX] Only use SaltedHashingMethods marked as available 20/57520/5
authorOliver Hader <oliver@typo3.org>
Mon, 9 Jul 2018 20:30:35 +0000 (22:30 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Thu, 19 Jul 2018 07:21:14 +0000 (09:21 +0200)
When determining the SaltedHashingMethod of a salted hash check only
SaltedHashingMethods which are marked as available.

Resolves: #85526
Releases: master, 8.7
Change-Id: I72ca88ce35c891dc149d0628543d30b6c4122407
Reviewed-on: https://review.typo3.org/57520
Reviewed-by: Stephan GroƟberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Xavier Perseguers <xavier@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php

index 642bff8..9a850a6 100644 (file)
@@ -128,7 +128,7 @@ class SaltFactory
         $methodFound = false;
         foreach ($registeredMethods as $method) {
             $objectInstance = GeneralUtility::makeInstance($method);
-            if ($objectInstance instanceof SaltInterface) {
+            if ($objectInstance instanceof SaltInterface && $objectInstance->isAvailable()) {
                 $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
                 if ($methodFound) {
                     self::$instance = $objectInstance;